AWS S3 - VA On-premises
To get to the AWS S3 page, from the navigation pane on the left, click Cloud > AWS S3.
The AWS S3 page contains the following fields:
Element | Field | Description |
---|---|---|
1 | Policy Name | Specify a policy for the AWS S3 connector to work with. Select the Default Policy if you have not created an alternative policy to use. |
2 | Queue URL | Specify the AWS queue URL. See below for details. |
3 | Access Key | Specify the AWS access key of the IAM user. |
4 | Secret Key | Specify the AWS secret key of the IAM user. |
Note
Fields marked with a red asterisk (*) are mandatory.
As you make changes, the Items Changed count increases. When you have finished making changes, select either Save Changes or Reset at the bottom of the page; Reset restores the original settings.
Prerequisites
- AWS SQS (Simple Queue Service) Queue (see Creating an AWS SQS Queue for details)
- Amazon S3 (Simple Storage Service) bucket
- AWS IAM (Identity and Access Management) user that has access to SQS and S3
Creating an AWS SQS Queue
You must create an AWS SQS (Simple Queue Service) Queue for S3 bucket integration.
1. Log in to your AWS account.
2. Navigate to Simple Queue Service.
3. Click on Create queue.
4. Under Type, select Standard.
5. Enter a Name for the queue.
6. Modify the values according to the example below:
7. For the Access policy, choose Advanced.
8. You may use the template below, replacing <AWS_ACCOUNT_NUM>, <QUEUE_NAME> and <BUCKET_NAME> with their actual values:
{
  "Version": "2012-10-17",
  "Id": "example-ID",
  "Statement": [
    {
      "Sid": "example-statement-ID",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": [
        "SQS:SendMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:<AWS_ACCOUNT_NUM>:<QUEUE_NAME>",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:<BUCKET_NAME>"
        },
        "StringEquals": {
          "aws:SourceAccount": "<AWS_ACCOUNT_NUM>"
        }
      }
    }
  ]
}
9. Under Tags, you may create an optional tag for the queue by setting Key to "Name" and Value to the queue name, for example:
10. Other options should remain at their default values.
11. Click on Create queue.
Assigning the Queue to an Existing S3 Bucket
1. Navigate to the desired bucket.
2. Select the Properties tab.
3. Scroll down to Event notifications.
4. Click on Create event notifications.
5. Set the Event name to the desired name.
6. Under Event types, select All object create events. For example:
7. Under Destination, select SQS queue.
8. Under Specify SQS queue, select Choose from your SQS queues.
9. Select the SQS queue from the list of available queues. For example:
10. To save the SQS queue configuration, click on Save changes.
Example of an IAM User JSON Policy with Limited Access to the Bucket
To use the example below, replace <AWS_ACCOUNT_NUM>, <QUEUE_NAME> and <BUCKET_NAME> with their actual values.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectTagging",
        "s3:DeleteObject",
        "s3:PutObjectTagging"
      ],
      "Resource": "arn:aws:s3:::<BUCKET_NAME>/*"
    },
    {
      "Effect": "Allow",
      "Action": "sqs:*",
      "Resource": "arn:aws:sqs:us-east-1:<AWS_ACCOUNT_NUM>:<QUEUE_NAME>"
    }
  ]
}
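A review check for the two policies on this page, as an added example that is not part of the vendor's documentation: it reports wildcard grants such as `sqs:*` and verifies that a service principal is pinned by `aws:SourceArn` and `aws:SourceAccount`. The account number, queue name and bucket name are constructed stand-ins for the placeholders, and `lint_policy` and `as_list` are hypothetical helper names.

```python
# ACCOUNT, QUEUE, BUCKET: constructed values replacing the page's placeholders.
ACCOUNT, QUEUE, BUCKET = "111122223333", "example-queue", "example-bucket"
QUEUE_ARN = f"arn:aws:sqs:us-east-1:{ACCOUNT}:{QUEUE}"

QUEUE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": ["SQS:SendMessage"],
    "Resource": QUEUE_ARN,
    "Condition": {
        "ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{BUCKET}"},
        "StringEquals": {"aws:SourceAccount": ACCOUNT}}}]}

USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectTagging",
                "s3:DeleteObject", "s3:PutObjectTagging"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Effect": "Allow", "Action": "sqs:*", "Resource": QUEUE_ARN}]}

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (statement_index, finding) tuples for an IAM or SQS policy."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in as_list(st.get("Resource", [])):
            findings.append((i, "wildcard resource"))
        principal = st.get("Principal")
        if isinstance(principal, dict) and "Service" in principal:
            # Without source conditions, S3 may deliver events from any
            # bucket in any account to this queue (confused deputy).
            keys = {k.lower() for block in st.get("Condition", {}).values()
                    for k in block}
            for need in ("aws:sourcearn", "aws:sourceaccount"):
                if need not in keys:
                    findings.append((i, f"service principal without {need}"))
    return findings

if __name__ == "__main__":
    for name, pol in (("queue", QUEUE_POLICY), ("user", USER_POLICY)):
        print(name, lint_policy(pol))
```

The queue policy from the template passes cleanly; the user policy is reported for `sqs:*`, which grants every SQS action on the queue rather than a named subset.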
AWS S3 Flowchart
The following diagram illustrates the procedure: